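<?php
session_start();

$_SESSION['lastPage'] = "Photos";

// Flags read by the HTML template further down to pick which alert to show.
$passwordFalse = false; // credentials matched no row in `Login`
$pregFail = false;      // input violated the alphanumeric-only policy stated on the form

// Provides $host, $username, $password and $db for the database connection.
require("../mysql.config.inc");
$mysqli = new mysqli($host,$username,$password,$db);

if(isset($_POST['logout'])){
	// Forget the authenticated identity and discard the server-side session.
	unset($_SESSION['logged_user']);
	session_destroy();
}

if(isset($_POST['username']) && isset($_POST['password'])){
	$loginName = $_POST['username'];
	$loginPass = $_POST['password'];

	// Anchored pattern: the WHOLE value must be alphanumeric. The previous
	// unanchored pattern only required one such character anywhere, so quotes,
	// angle brackets and SQL fragments passed the "validation". is_string()
	// rejects array-valued fields (username[]=...), which preg_match cannot take.
	$alnumOnly = '/^[A-Za-z0-9]+\z/';
	$inputOk = is_string($loginName) && is_string($loginPass)
		&& preg_match($alnumOnly, $loginName) === 1
		&& preg_match($alnumOnly, $loginPass) === 1;

	if($inputOk){
		// NOTE(review): unsalted SHA-256 is kept only because the existing
		// `Login` rows store it; migrate to password_hash()/password_verify().
		$passHash = hash('sha256', $loginPass);

		// Parameterised query: user input never becomes part of the SQL text,
		// so the previous string-built WHERE clause (injectable via the
		// username field) is gone.
		$stmt = $mysqli->prepare("SELECT * FROM `Login` WHERE `username` = ? AND `password` = ?");
		$numRows = 0;
		if($stmt !== false){
			$stmt->bind_param('ss', $loginName, $passHash);
			if($stmt->execute()){
				$stmt->store_result();
				$numRows = $stmt->num_rows;
			}else{
				error_log('admin.php: login query failed: ' . $stmt->error);
			}
			$stmt->close();
		}else{
			error_log('admin.php: prepare failed: ' . $mysqli->error);
		}

		if($numRows === 1){
			// New session id on privilege change so a pre-set (fixated)
			// session id cannot be promoted to an admin session.
			session_regenerate_id(true);
			$_SESSION['logged_user'] = $loginName;
		}else{
			// Also reached when the query itself failed: fail closed.
			$passwordFalse = true;
		}
	}else{
		$pregFail = true;
	}
}
?>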
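<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>A Photo Gallery</title>
	<link rel="stylesheet" type="text/css" href="stylesheets/styles.css"/>
</head>

<body>
<div id="content">
	
	<div id="nav">
		<dl class="menu">
			<dd><a href="index.php">Home</a></dd>
			<dd><a href="albums.php">Albums</a></dd>
			<dd><a href="photos.php">All Photos</a></dd>
			<dd class = "active"><a href="admin.php">Administration</a></dd>
		</dl>
	</div>
	
	<h2>Administration</h2>
	
	<div id="bodyText">
	<?php
		// $passwordFalse, $pregFail and $mysqli are set by the PHP preamble
		// at the top of this file. Full <?php tags are used throughout because
		// short tags depend on the short_open_tag ini setting.
		if(!isset($_SESSION['logged_user'])){?>
		Please log in to view administrator tools:<br/>
		<?php
		if($passwordFalse){
			print("<br/><span class =\"alert\">Your password and/or username was not recognized.
			Please try again or contact the administrator.</span><br/>\n");
		}elseif($pregFail){
			print("<br/><span class =\"alert\">Your password and/or username may only contain capital and
			lowercase letters and numbers.</span><br/>\n");
		}
		?>
		
		<form action="admin.php" method="post">
			<p>
			Username:<br/>
			<input type="text" name="username"/><br/><br/>
			Password:<br/>
			<input type="password" name="password"/><br/>
			<input type="submit" value="Log in"/>
			</p>
		</form>
		
	<?php }else{?>
		Welcome, <?php
			// The username originates from a POST field; escape it for the
			// HTML context instead of echoing it raw into the page.
			print(htmlspecialchars($_SESSION['logged_user'], ENT_QUOTES, 'UTF-8'));
		?>. Please select an Administrative action:<br/><br/>
		
		<a href="admin/fileupload.php">Upload a new picture</a><br/>
		<a href="admin/addAlbum.php">Add a new Album or delete an Album</a><br/>
		<a href="admin/updateAlbum.php">Update an Album</a><br/><br/>
		To alter a photo, you will need to select "Alter this Photo" when viewing the individual 
		photo you want to change.
		
		<?php // NOTE(review): this form carries no CSRF token, so a third-party page can POST a logout. ?>
		<form action="admin.php" method="post" name="logout">
			<p>
			<input type="hidden" name="logout"/>
			<input type="submit" value="Log Out"/>
			</p>
		</form>
	<?php
	}
	$mysqli->close();
	?>
	</div>

</div>
</body>
</html>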